Anyone who opted to try that combination could then add or remove employee accounts from the system, in addition to viewing passwords, viewing the source code of the site, or accessing the personal data of anyone in the system. To call it an egregious flaw would be putting it lightly. It’s the sort of mistake you’d think would be in training manuals – the kind of thing no one should ever do.

The sad thing isn’t that Equifax practised such poor security. It’s the fact that they’re far from the only organization to do so.

What makes the situation with Equifax so troubling is that it speaks to an unpleasant truth about the state of cybersecurity. Our data, no matter where it’s stored or with what company, is constantly at risk. We have no assurance that businesses are doing what’s necessary to keep our information safe and protect us from identity theft.

Equifax is far from the first major organization to fall under scrutiny for poor security practices, nor will it be the last. Until we have some means of more effectively taking organizations to task for failing to keep our information safe, breaches like this are still going to happen. In the meantime, the best that any of us can do is to keep track of our own data – and to ensure our own businesses are an exception to the sad state of the security space.